First published: Fri Nov 17 2023(Updated: )
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions the login method has no rate limit. An attacker may be able to leverage this vulnerability to gain access to user accounts. This issue has been addressed in version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
### Summary Application is using two login methods and one of them is using GET request for authentication. There is no rate limiting security feature at GET request or backend is not validating that. ### PoC Go to /?username=admin&password=password&submit= Capture request in Burpsuite intruder and add payload marker at password parameter value. Start the attack after adding your password list We have added 74 passwords Check screenshot for more info <img width="1241" alt="Screenshot 2023-11-06 at 8 55 19 PM" src="https://user-images.githubusercontent.com/31764504/280905148-42274f1e-f869-4145-95b4-71c0bffde3a0.png"> ### Impact An attacker can Bruteforce user accounts and using GET request for authentication is not recommended because certain web servers logs all requests in old logs which can also store victim user credentials.
Credit: email@example.com firstname.lastname@example.org
|Affected Software||Affected Version||How to fix|
CVE-2023-46745 is a vulnerability in the login page of libreNMS that allows bypassing rate limiting by using a GET request for authentication.
This vulnerability occurs because there is no rate limiting security feature in place for the GET request used for authentication.
CVE-2023-46745 has a severity score of 5.3, which is considered medium.
To fix CVE-2023-46745, update to version 23.11.0 of libreNMS, which includes a remedy for this vulnerability.
CVE-2023-46745 is associated with the CWE categories 770 (Allocation of Resources Without Limits or Throttling) and 307 (Improper Restriction of Excessive Authentication Attempts).